Minnesota Department of Human Services (DHS) suffered a data breach incident after a DHS employee accidentally emailed the parent billing statements of 4,307 individuals involved in the program.
The billing statements included first and last names, addresses, DHS-generated billing account numbers, and parental fee account activity.
DHS implemented new procedures to address the error that led to the incident, and communicated these procedure changes to staff.
TPRM report: https://scoringcyber.rankiteo.com/company/minnesota-department-of-human-services
"id": "min164122123",
"linkid": "minnesota-department-of-human-services",
"type": "Data Leak",
"date": "11/2022",
"severity": "60",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 4307,
'industry': 'Public Sector',
'location': 'Minnesota, USA',
'name': 'Minnesota Department of Human Services',
'type': 'Government Agency'}],
'attack_vector': 'Human Error',
'data_breach': {'number_of_records_exposed': 4307,
'personally_identifiable_information': ['first and last names',
'addresses'],
'sensitivity_of_data': 'Medium',
'type_of_data_compromised': ['Personal Information',
'Account Information']},
'description': 'Minnesota Department of Human Services (DHS) suffered a data '
'breach incident after a DHS employee accidentally emailed the '
'parent billing statements of 4,307 individuals involved in '
'the program. The billing statements included first and last '
'names, addresses, DHS-generated billing account numbers, and '
'parental fee account activity.',
'impact': {'data_compromised': ['first and last names',
'addresses',
'DHS-generated billing account numbers',
'parental fee account activity']},
'post_incident_analysis': {'corrective_actions': ['Implemented new procedures '
'to address the error',
'Communicated procedure '
'changes to staff'],
'root_causes': 'Human Error'},
'response': {'remediation_measures': ['Implemented new procedures to address '
'the error',
'Communicated procedure changes to '
'staff']},
'title': 'Minnesota DHS Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Human Error'}